diff --git a/build/build-image/Dockerfile b/build/build-image/Dockerfile index 2adbd5ae1c5..60cd464ed9c 100644 --- a/build/build-image/Dockerfile +++ b/build/build-image/Dockerfile @@ -18,7 +18,14 @@ FROM gcr.io/google_containers/kube-cross:KUBE_BUILD_IMAGE_CROSS_TAG # Mark this as a kube-build container RUN touch /kube-build-image -WORKDIR /go/src/k8s.io/kubernetes +# TO run as non-root we sometimes need to rebuild go stdlib packages. +RUN chmod -R a+rwx /usr/local/go/pkg + +# The kubernetes source is expected to be mounted here. This will be the base +# of operations. +ENV HOME /go/src/k8s.io/kubernetes +WORKDIR ${HOME} +RUN chmod -R a+rwx ${HOME} # Propagate the git tree version into the build image ADD kube-version-defs /kube-version-defs diff --git a/build/common.sh b/build/common.sh index 864c9cd129f..9f9c3e58f74 100755 --- a/build/common.sh +++ b/build/common.sh @@ -61,6 +61,7 @@ readonly KUBE_BUILD_IMAGE_CROSS_TAG="v1.6.2-2" readonly LOCAL_OUTPUT_ROOT="${KUBE_ROOT}/${OUT_DIR:-_output}" readonly LOCAL_OUTPUT_SUBPATH="${LOCAL_OUTPUT_ROOT}/dockerized" readonly LOCAL_OUTPUT_BINPATH="${LOCAL_OUTPUT_SUBPATH}/bin" +readonly LOCAL_OUTPUT_GOPATH="${LOCAL_OUTPUT_SUBPATH}/go" readonly LOCAL_OUTPUT_IMAGE_STAGING="${LOCAL_OUTPUT_ROOT}/images" readonly OUTPUT_BINPATH="${CUSTOM_OUTPUT_BINPATH:-$LOCAL_OUTPUT_BINPATH}" @@ -68,18 +69,13 @@ readonly OUTPUT_BINPATH="${CUSTOM_OUTPUT_BINPATH:-$LOCAL_OUTPUT_BINPATH}" readonly REMOTE_OUTPUT_ROOT="/go/src/${KUBE_GO_PACKAGE}/_output" readonly REMOTE_OUTPUT_SUBPATH="${REMOTE_OUTPUT_ROOT}/dockerized" readonly REMOTE_OUTPUT_BINPATH="${REMOTE_OUTPUT_SUBPATH}/bin" +readonly REMOTE_OUTPUT_GOPATH="${REMOTE_OUTPUT_SUBPATH}/go" readonly DOCKER_MOUNT_ARGS_BASE=( --volume "${OUTPUT_BINPATH}:${REMOTE_OUTPUT_BINPATH}" --volume /etc/localtime:/etc/localtime:ro ) -# We create a Docker data container to cache incremental build artifacts. -readonly REMOTE_OUTPUT_GOPATH="${REMOTE_OUTPUT_SUBPATH}/go" -readonly DOCKER_DATA_MOUNT_ARGS=( - --volume "${REMOTE_OUTPUT_GOPATH}" -) - # This is where the final release artifacts are created locally readonly RELEASE_STAGE="${LOCAL_OUTPUT_ROOT}/release-stage" readonly RELEASE_DIR="${LOCAL_OUTPUT_ROOT}/release-tars" @@ -313,11 +309,11 @@ function kube::build::clean_output() { kube::log::error "Build image not built. Cannot clean via docker build image." fi - kube::log::status "Removing data container" + kube::log::status "Removing data container ${KUBE_BUILD_DATA_CONTAINER_NAME}" "${DOCKER[@]}" rm -v "${KUBE_BUILD_DATA_CONTAINER_NAME}" >/dev/null 2>&1 || true fi - kube::log::status "Cleaning out local _output directory" + kube::log::status "Removing _output directory" rm -rf "${LOCAL_OUTPUT_ROOT}" } @@ -525,7 +521,7 @@ function kube::build::docker_build() { local -r pull="${3:-true}" local -ra build_cmd=("${DOCKER[@]}" build -t "${image}" "--pull=${pull}" "${context_dir}") - kube::log::status "Building Docker image ${image}." + kube::log::status "Building Docker image ${image}" local docker_output docker_output=$("${build_cmd[@]}" 2>&1) || { cat <&2 @@ -559,14 +555,31 @@ function kube::build::clean_images() { } function kube::build::ensure_data_container() { - if ! "${DOCKER[@]}" inspect "${KUBE_BUILD_DATA_CONTAINER_NAME}" >/dev/null 2>&1; then - kube::log::status "Creating data container" + # If the data container exists AND exited successfully, we can use it. + # Otherwise nuke it and start over. + local ret=0 + local code=$(docker inspect \ + -f '{{.State.ExitCode}}' \ + "${KUBE_BUILD_DATA_CONTAINER_NAME}" 2>/dev/null || ret=$?) + if [[ "${ret}" == 0 && "${code}" != 0 ]]; then + kube::build::destroy_container "${KUBE_BUILD_DATA_CONTAINER_NAME}" + ret=1 + fi + if [[ "${ret}" != 0 ]]; then + kube::log::status "Creating data container ${KUBE_BUILD_DATA_CONTAINER_NAME}" + # We have to ensure the directory exists, or else the docker run will + # create it as root. + mkdir -p "${LOCAL_OUTPUT_GOPATH}" + # We want this to run as root to be able to chown, so non-root users can + # later use the result as a data container. This run both creates the data + # container and chowns the GOPATH. local -ra docker_cmd=( "${DOCKER[@]}" run - "${DOCKER_DATA_MOUNT_ARGS[@]}" + --volume "${REMOTE_OUTPUT_GOPATH}" --name "${KUBE_BUILD_DATA_CONTAINER_NAME}" + --hostname "${HOSTNAME}" "${KUBE_BUILD_IMAGE}" - true + chown -R $(id -u).$(id -g) "${REMOTE_OUTPUT_GOPATH}" ) "${docker_cmd[@]}" fi @@ -583,6 +596,8 @@ function kube::build::run_build_command() { local -a docker_run_opts=( "--name=${KUBE_BUILD_CONTAINER_NAME}" + "--user=$(id -u):$(id -g)" + "--hostname=${HOSTNAME}" "${DOCKER_MOUNT_ARGS[@]}" ) @@ -635,9 +650,10 @@ function kube::build::copy_output() { # Bug: https://github.com/docker/docker/pull/8509 local -a docker_run_opts=( "--name=${KUBE_BUILD_CONTAINER_NAME}" - "${DOCKER_MOUNT_ARGS[@]}" - -d - ) + "--user=$(id -u):$(id -g)" + "${DOCKER_MOUNT_ARGS[@]}" + -d + ) local -ra docker_cmd=( "${DOCKER[@]}" run "${docker_run_opts[@]}" "${KUBE_BUILD_IMAGE}" diff --git a/hack/update-generated-protobuf-dockerized.sh b/hack/update-generated-protobuf-dockerized.sh index fa9294cd54d..447bf271462 100755 --- a/hack/update-generated-protobuf-dockerized.sh +++ b/hack/update-generated-protobuf-dockerized.sh @@ -23,7 +23,9 @@ source "${KUBE_ROOT}/hack/lib/init.sh" kube::golang::setup_env -hack/build-go.sh cmd/libs/go2idl/go-to-protobuf cmd/libs/go2idl/go-to-protobuf/protoc-gen-gogo +hack/build-go.sh \ + cmd/libs/go2idl/go-to-protobuf \ + cmd/libs/go2idl/go-to-protobuf/protoc-gen-gogo if [[ -z "$(which protoc)" || "$(protoc --version)" != "libprotoc 3.0."* ]]; then echo "Generating protobuf requires protoc 3.0.0-beta1 or newer. Please download and" @@ -39,7 +41,8 @@ gotoprotobuf=$(kube::util::find-binary "go-to-protobuf") # requires the 'proto' tag to build (will remove when ready) # searches for the protoc-gen-gogo extension in the output directory -# satisfies import of github.com/gogo/protobuf/gogoproto/gogo.proto and the core Google protobuf types +# satisfies import of github.com/gogo/protobuf/gogoproto/gogo.proto and the +# core Google protobuf types PATH="${KUBE_ROOT}/_output/local/go/bin:${PATH}" \ "${gotoprotobuf}" \ --proto-import="${KUBE_ROOT}/vendor" \ diff --git a/hack/update-generated-protobuf.sh b/hack/update-generated-protobuf.sh index 9686cec9746..01080bb376a 100755 --- a/hack/update-generated-protobuf.sh +++ b/hack/update-generated-protobuf.sh @@ -31,19 +31,13 @@ function prereqs() { fi kube::build::ensure_docker_daemon_connectivity || return 1 - KUBE_ROOT_HASH=$(kube::build::short_hash "${HOSTNAME:-}:${REPO_DIR:-${KUBE_ROOT}}/go-to-protobuf") + KUBE_ROOT_HASH=$(kube::build::short_hash "${HOSTNAME:-}:${REPO_DIR:-${KUBE_ROOT}}") KUBE_BUILD_IMAGE_TAG="build-${KUBE_ROOT_HASH}" KUBE_BUILD_IMAGE="${KUBE_BUILD_IMAGE_REPO}:${KUBE_BUILD_IMAGE_TAG}" KUBE_BUILD_CONTAINER_NAME="kube-build-${KUBE_ROOT_HASH}" KUBE_BUILD_DATA_CONTAINER_NAME="kube-build-data-${KUBE_ROOT_HASH}" DOCKER_MOUNT_ARGS=( - --volume "${REPO_DIR:-${KUBE_ROOT}}/cluster:/go/src/${KUBE_GO_PACKAGE}/cluster" - --volume "${REPO_DIR:-${KUBE_ROOT}}/cmd:/go/src/${KUBE_GO_PACKAGE}/cmd" - --volume "${REPO_DIR:-${KUBE_ROOT}}/vendor:/go/src/${KUBE_GO_PACKAGE}/vendor" - --volume "${REPO_DIR:-${KUBE_ROOT}}/hack:/go/src/${KUBE_GO_PACKAGE}/hack" - --volume "${REPO_DIR:-${KUBE_ROOT}}/pkg:/go/src/${KUBE_GO_PACKAGE}/pkg" - --volume "${REPO_DIR:-${KUBE_ROOT}}/federation:/go/src/${KUBE_GO_PACKAGE}/federation" - --volume "${REPO_DIR:-${KUBE_ROOT}}/third_party:/go/src/${KUBE_GO_PACKAGE}/third_party" + --volume "${REPO_DIR:-${KUBE_ROOT}}:/go/src/${KUBE_GO_PACKAGE}" --volume /etc/localtime:/etc/localtime:ro --volumes-from "${KUBE_BUILD_DATA_CONTAINER_NAME}" ) diff --git a/hack/verify-generated-protobuf.sh b/hack/verify-generated-protobuf.sh index c76ee2956db..5cc3af125c2 100755 --- a/hack/verify-generated-protobuf.sh +++ b/hack/verify-generated-protobuf.sh @@ -38,20 +38,13 @@ for APIROOT in ${APIROOTS}; do cp -a "${KUBE_ROOT}/${APIROOT}" "${_tmp}/${APIROOT}" done -# If not running as root, we need to use sudo to restore the original generated -# protobuf files. -SUDO="" -if [[ "$(id -u)" != '0' ]]; then - SUDO="sudo" -fi - "${KUBE_ROOT}/hack/update-generated-protobuf.sh" for APIROOT in ${APIROOTS}; do TMP_APIROOT="${_tmp}/${APIROOT}" echo "diffing ${APIROOT} against freshly generated protobuf" ret=0 diff -Naupr -I 'Auto generated by' "${KUBE_ROOT}/${APIROOT}" "${TMP_APIROOT}" || ret=$? - ${SUDO} cp -a "${TMP_APIROOT}" "${KUBE_ROOT}/${APIROOT%/*}" + cp -a "${TMP_APIROOT}" "${KUBE_ROOT}/${APIROOT%/*}" if [[ $ret -eq 0 ]]; then echo "${APIROOT} up to date." else